DARTs coordinate physical agents in an uncertain and changing physical world.

• Coordination - physical agents
• Timeliness - safety critical
• Resource constrained - UAVs
• Sensor rich - sensing the physical world
• Intimate cyber-physical interactions
• Automated adaptation to physical context and rational adversaries
• Computationally complex decisions

Coordination, adaptation, and uncertainty pose key challenges for assuring the safety- and mission-critical behavior of distributed cyber-physical systems.

The DART project develops and packages sound techniques and tools for engineering high-assurance distributed CPS.


DART Assurance Today

Currently validated via testing
• Low coverage, late in development

Rigorous & exhaustive analysis provides higher assurance
• Non-compositional V&V does not scale
• Probabilistic & deterministic requirements

Goal: Develop new theories, analyses and tools to engineer high-assurance DARTs with evidence of correctness.
DART in a Nutshell

1. Enables compositional and requirement-specific verification
2. Uses proactive self-adaptation and mixed criticality to cope with uncertainty and changing context

Workflow: System + Requirements (AADL + DSL) -> Verification -> Code Generation

Verification:
1. ZSRM Schedulability (Timing)
2. Software Model Checking (Functional)
3. Statistical Model Checking (Probabilistic)

Code Generation:
1. Middleware for communication
2. Scheduler for timing contracts
3. Monitor for functional contracts

Demonstrate on DoD-relevant model problem (DART prototype)
• Engaged stakeholders
• Technical and operational validity

Software Engineering Institute
DART High-Level Architecture

Software for guaranteed requirements (e.g., a collision avoidance protocol must ensure absence of collisions) runs on High-Critical Threads (HCTs).

Software for probabilistic requirements (e.g., an adaptive path planner that maximizes area coverage within a deadline) runs on Low-Critical Threads (LCTs).

Layers on each node (Node i ... Node k), top to bottom:
HCTs and LCTs
MADARA Middleware
ZSRM Mixed-Criticality Scheduler
OS/Hardware
Environment - network, sensors, atmosphere, ground, etc.

Research Thrusts
• Proactive Self-Adaptation
• Statistical Model Checking
• Real-Time Schedulability
• Functional Verification

Validation Thrusts
• Model Problem
• Workbench
Roadmap & Foundations

Milestones run across the year (Jan, Apr, Jul, Oct); each thrust area lists its earlier milestone, the foundation it builds on, and its later milestone.

Thrust Area | Earlier milestone | Foundation | Later milestone
Proactive Self-Adaptation | Latency-aware Self-Adaptation | CMU/SCS FY14 | Disaggregation, Machine-learning
Verification: Real-Time Schedulability | ZSRM scheduler integrated with DART workbench | HCCPS FY12-FY14 | Mixed-criticality among multi-agents & end-to-end OR with Input/Output
Verification: Functional Verification | Bounded Model Checking of Synchronous Software | HCCPS FY12-FY14 | Unbounded Model Checking of Asynchronous Software
Verification: Statistical Model Checking | Crude Monte-Carlo based SMC, applied to simple examples | AFOSR FY14 | Heterogeneous Fault Regions and Systems with Non-determinism, HPC Simulation
Workbench | Preliminary version of DSL, Code generation, ZSRM, CBMC, V-REP simulation, simple examples | MCDA FY14 | Completed DSL, model problem, ODroid Code Generation, AADL/OSATE, Verification Tools
Coordination (ELASTIC) | Synchronous, multi-agent | GAMS FY14 | Asynchronous, multi-agent
Simple Model Problem: Coordinated Protection

[Figure: fleet's initial state; legend: leader, protector]

Assumptions
• 2D universe (X by Y matrix)
• Perfect communications between agents
• Perfect localization for each agent
• 11 nodes
  - N0 is the leader
  - N1 - N10 are the protectors

Operation
• N0 moves from (x,y) to (x',y')
• N1 - N10 move to maintain the defensive perimeter

Guaranteed Properties
• No collision

Best Effort
• Defensive perimeter
• Resource conservation (e.g., fewest moves)

Adaptation with Uncertainty (next step)
• Loss of a protector
• Loss of the leader (new election)
• Directional threats (shield formation vs. perimeter formation)
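As an added illustration (constructed here, not from the slides or from the DART tooling), a Python toy of one synchronous round of the model problem above: `no_collision` is the runtime monitor for the guaranteed property, and the same perimeter-repair step is run once with every protector moving on its own and once with a simple cell-reservation rule. The formation offsets, node names and starting state are assumptions.

```python
from typing import Dict, Tuple

Pos = Tuple[int, int]
Fleet = Dict[str, Pos]

# Constructed formation: protector Ni holds the i-th offset around leader N0
# (assumption; the slides do not fix the perimeter geometry).
OFFSETS = [(-1, 0), (-1, -1), (0, -1), (1, -1), (1, 0),
           (1, 1), (0, 1), (-1, 1), (0, -2), (0, 2)]

def slots(leader: Pos) -> Dict[str, Pos]:
    """Perimeter cell each protector should hold for the current N0 position."""
    return {f"N{i}": (leader[0] + dx, leader[1] + dy)
            for i, (dx, dy) in enumerate(OFFSETS, start=1)}

def toward(src: Pos, dst: Pos) -> Pos:
    """One grid step (diagonals allowed) from src toward dst; no-op if equal."""
    sgn = lambda d: (d > 0) - (d < 0)
    return (src[0] + sgn(dst[0] - src[0]), src[1] + sgn(dst[1] - src[1]))

def no_collision(fleet: Fleet) -> bool:
    """Runtime monitor for the guaranteed property: one agent per cell."""
    return len(set(fleet.values())) == len(fleet)

def round_uncoordinated(fleet: Fleet) -> Fleet:
    """Every protector steps toward its slot on its own (no coordination)."""
    want = slots(fleet["N0"])
    return {n: toward(p, want[n]) if n in want else p for n, p in fleet.items()}

def round_coordinated(fleet: Fleet) -> Fleet:
    """Protectors plan in ID order; a step is taken only into a cell that is
    free now and not yet claimed this round. A blocked protector holds its
    cell: no-collision is kept, perimeter repair stays best effort."""
    want = slots(fleet["N0"])
    occupied, claimed, nxt = set(fleet.values()), set(), dict(fleet)
    for name in sorted(want, key=lambda n: int(n[1:])):
        dest = toward(fleet[name], want[name])
        if dest != fleet[name] and dest not in occupied and dest not in claimed:
            nxt[name] = dest
        claimed.add(nxt[name])
    return nxt

def demo_fleet() -> Fleet:
    """Constructed state: N1 and N2 are out of place and one greedy step
    would put both on (4, 5); every other protector already holds its slot."""
    fleet = {"N0": (5, 5), **slots((5, 5))}
    fleet["N1"] = (3, 5)   # slot is (4, 5)
    fleet["N2"] = (3, 6)   # slot is (4, 4); the direct path runs through (4, 5)
    return fleet
```

Running both rounds on `demo_fleet()` shows the monitor rejecting the uncoordinated round and accepting the coordinated one, where N2 holds for a round instead of colliding with N1.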
Fleet Operation: Defensive Posture

[Figures: fleet positions at each step of the maneuver]

• Free guard UAVs move around to the front, simultaneously
• Rear guard closes the gap, leaving two free guard UAVs
• Front guard UAV makes space for N0 to move forward
• N0 signals a change in direction
• N1 - N10 comply and begin coordinated perimeter repair

Coordination needed at each step to avoid collision.
Broader Model Problem

[Figure: fleet moving past obstacles toward a goal]

Mission assurance
• Goals
• Objectives

Resiliency
• Design time verification
  - Guaranteed behavior
  - Best-effort behavior
• Runtime assurance
  - Critical timing behavior
  - Coordination
  - Adaptation
Contact Information

Sagar Chaki
Senior MTS
SSD/CSC
Telephone: +1 412-268-1436
Email: chaki@sei.cmu.edu

Web
www.sei.cmu.edu
www.sei.cmu.edu/contact.cfm

U.S. Mail
Software Engineering Institute
Customer Relations
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
USA

Customer Relations
Email: info@sei.cmu.edu
Telephone: +1 412-268-5800

SEI Phone: +1 412-268-5800
SEI Fax: +1 412-268-6257